https://tryhackme.com/room/socworkbookslookups
Created by: tryhackme, TactfulTurtle
“Alert triage is a complex process that often requires analysts to gather additional information about affected employees or servers. This room explores SOC workbooks designed to streamline alert triage and explains various lookup methods to quickly retrieve user and system context.”
In Task 2, THM covers the two things an analyst most often needs context on during triage: assets and identities. “Identity inventory is a catalogue of corporate employees (user accounts), services (machine accounts), and their details like privileges, contacts, and roles within the company,” and “Asset inventory, also called asset lookup, is a list of all computing resources within an organization’s IT environment”. The room gives various examples of both assets and identities and shows how each is presented in different software and infrastructures.

In Task 3, Network Diagrams, things get a little more technical, as this task deals with network alerts. It assumes you already understand network subnets. If you do not, look at the TryHackMe Network Fundamentals module, https://tryhackme.com/module/network-fundamentals, and any other networking rooms you need, to wrap your head around networking before continuing.
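As an added example (not part of the room or of this write-up's original text), here is what the lookups from Tasks 2 and 3 look like when applied to a single alert: an identity lookup for the user, an asset lookup for the host, and a subnet-to-zone lookup against a network diagram. The inventories, subnets, hostnames and the alert itself are constructed sample data, and the `enrich_alert` function with its escalation reasons is my own illustration of how a SOAR enrichment step might use those lookups, not logic taken from the room.

```python
"""Enrich a raw alert with user, asset and network-zone context.

Added example, not code from the TryHackMe room. All data below is
constructed; in a real SOC the identity inventory would come from a
directory, the asset inventory from a CMDB/asset database, and the
subnet-to-zone table from the network team's diagram.
"""
import ipaddress

# Constructed identity inventory: user and machine accounts with their details.
IDENTITY_INVENTORY = {
    "j.doe": {
        "display_name": "Jane Doe",
        "role": "Finance Analyst",
        "privileged": False,
        "contact": "j.doe@example.com",
    },
    "svc_backup": {
        "display_name": "Backup service account",
        "role": "Service account",
        "privileged": True,
        "contact": "it-ops@example.com",
    },
}

# Constructed asset inventory keyed by hostname.
ASSET_INVENTORY = {
    "WS-FIN-042": {"owner": "j.doe", "type": "workstation", "os": "Windows 11", "criticality": "low"},
    "SRV-DC-01": {"owner": "it-ops", "type": "domain controller", "os": "Windows Server 2022", "criticality": "critical"},
}

# Constructed network diagram: subnet -> zone, sorted longest prefix first so
# the most specific subnet wins when a /24 sits inside the /16.
NETWORK_ZONES = sorted(
    [
        (ipaddress.ip_network("10.10.0.0/16"), "Corporate LAN"),
        (ipaddress.ip_network("10.10.1.0/24"), "Workstations"),
        (ipaddress.ip_network("10.10.10.0/24"), "Servers"),
        (ipaddress.ip_network("10.10.99.0/24"), "DMZ"),
    ],
    key=lambda item: item[0].prefixlen,
    reverse=True,
)


def lookup_identity(username):
    """Identity lookup; returns None when the account is not in the inventory."""
    return IDENTITY_INVENTORY.get(username.strip().lower())


def lookup_asset(hostname):
    """Asset lookup; hostnames are matched case-insensitively."""
    return ASSET_INVENTORY.get(hostname.strip().upper())


def lookup_zone(ip):
    """Map an IP to a zone from the diagram; anything unmatched is outside it."""
    addr = ipaddress.ip_address(ip)
    for network, zone in NETWORK_ZONES:
        if addr in network:
            return zone
    return "Outside diagram"


def enrich_alert(alert):
    """Attach identity, asset and zone context plus reasons an L1 might escalate."""
    identity = lookup_identity(alert["user"])
    asset = lookup_asset(alert["host"])
    src_zone = lookup_zone(alert["src_ip"])
    dst_zone = lookup_zone(alert["dst_ip"])

    reasons = []
    if identity is None:
        reasons.append("user not in identity inventory")
    elif identity["privileged"]:
        reasons.append("privileged account involved")
    if asset is None:
        reasons.append("host not in asset inventory")
    elif asset["criticality"] == "critical":
        reasons.append("critical asset involved")
    elif asset["owner"] != alert["user"].strip().lower():
        reasons.append("host owner differs from alert user")
    if src_zone == "Outside diagram":
        reasons.append("source outside the network diagram")

    return {
        **alert,
        "identity": identity,
        "asset": asset,
        "src_zone": src_zone,
        "dst_zone": dst_zone,
        "escalation_reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed alert, as it might arrive from a SIEM before enrichment.
    sample = {"user": "J.Doe", "host": "ws-fin-042", "src_ip": "10.10.1.42", "dst_ip": "10.10.10.5"}
    for key, value in enrich_alert(sample).items():
        print(f"{key}: {value}")
```

The point of the escalation reasons is the same one the room makes about workbooks: an L1 analyst should not have to guess which combinations of user, host and zone matter, so the lookups feed fixed, reviewable rules rather than intuition.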

In Task 4, Workbooks Theory, we go over workbooks. Think of workbooks as guides! “A SOC workbook, also called a playbook, runbook, or workflow, is a structured document that defines the steps required to investigate and remediate specific threats efficiently and consistently. Since L1 analysts are considered junior specialists and are not expected to triage every possible attack scenario perfectly, senior analysts often prepare workbooks to support their less experienced teammates. L1 analysts are recommended and sometimes even required to triage the alerts precisely according to workbooks to avoid mistakes and streamline the analysis.”


In Task 5, Workbooks Practice, we work through SOAR workbooks. There are three: Email Analysis, PowerShell Analysis, and Network Analysis. You drag and drop each answer into its box; if an answer is incorrect, it will not snap into place, so you know immediately that you need to reconsider it.
